Security on the Internet of Things is still more of a nice idea than an implementation. The category is still so nascent, with so many players trying to stake a claim, that there hasn’t really been much of a push to standardize on much. While market forces will probably sort this out in the long run, it’s a huge problem for consumers who have bought in early. While these are still early adopters, there’s a difference between a product not working or not being supported because it’s early days, and a product leaving a gaping hole in your privacy. It’s one thing to be an early adopter on MP3 players and get stuck with a bulky product or DRM. It’s another when you buy a IoT device with a camera that anyone with the IP address can view.
That’s why I’m heartened by Google’s promotion of Project Brillo into the more official but awkwardly named “Android Things”. Lazy naming aside, it should provide a reasonably secure, updatable and transparent network communication fabric for IoT device. The problem still is that it currently only supports platform boards, Intel Edison, NXP Pico, and the Raspberry Pi 3. Still, a player with Google’s clout goes a long way to pushing a standard.
Ars Technica comments: